Credit Card Companies Use Artificial Intelligence to Thwart Thieves

by Margaret Webb Pressler, Washington Post

Two credit cards were recently stolen from my wallet. The thief
was
smart: Rather than pilfering my entire wallet from my purse while I
relaxed over lunch, he (she?) merely lifted a couple of cards and put
my
wallet back in my purse. Because I didn't notice the missing cards, the
thief had more time to run up a few charges.

I discovered what had happened the next day when I got a call from
American Express security, which wanted to verify some unusual spending
on
my corporate account. The charges included $1,000 at Best Buy, $250 at
some oil-change place in Virginia and a fill-up at a gas station. On my
Visa was a $100 charge at a suburban 7-Eleven.

In addition to wondering how anyone could spend $100 at a 7-Eleven,
I
immediately blamed the various cashiers who obviously had not checked
the
signatures on my cards. If only they had checked, I fumed to myself, none
of this would have happened.

As it turns out, however, credit card companies no longer rely on
retail clerks to catch the crooks.

With billions of dollars at stake, and ever more clever crooks,
the
credit card companies have become very, very smart about protecting
themselves by using astonishingly sophisticated network computers and
software programs.

"We're at a level whereby we can understand with artificial
intelligence . . . the potentially fraudulent transactions," said Raf
Sorrentino, vice president of risk management for First Data Corp., one
of
the country's biggest providers of credit card processing and payment
services.

Credit card fraud costs the industry about a billion dollars a year,
or
7 cents out of every $100 dollars spent on plastic. But that is down
significantly from its peak about a decade ago, Sorrentino says, in large
part because of the powerful technology that can recognize unusual
spending patterns.

Take the thief of my American Express corporate card. I use it rarely,
and when I do it's usually for a moderately priced lunch. A charge of
$1,000 at a consumer electronics store immediately flagged the American
Express security system -- so quickly, actually, that it told Best Buy
not
to approve the transaction.

"There's a logic in the system," said Judy Tenzer, a spokeswoman
for
American Express.

And it's not just a sudden surge in spending that can set off a
warning. If there were a charge on my card in Omaha, and five minutes
later in Berlin, that also would send up a red flag. Crooks buy and sell
credit card numbers over the Internet, so the computer networks that
monitor spending patterns have to process data worldwide, instantaneously,
24 hours a day.

The credit card companies don't share many details about the layers
of
security they've put in place to cut their losses from fraud, aside from
stressing the size of their computer networks. As Tenzer of American
Express put it: "The more detail I would tell you, the more detail the
criminals would read." The system is all about staying one step ahead
of
the thieves.

It's no wonder the lowly signature isn't considered much of a security
measure, compared with the other firepower being thrown at the problem.
Yet credit card executives are loath to dismiss outright the importance
of
checking signatures, calling it a deterrent or another level of safety.
They say there are occasional instances of a cashier catching a criminal
in the act, which usually causes the perpetrator to flee.

But the one message that's clear from numerous industry executives
is
that retail cashiers don't have the level of responsibility they may seem
to have when they check a credit card signature.

"You can't expect cashiers to be handwriting experts," said Sorrentino
of First Data.

This all makes me feel pretty naive, because I'd always figured
that
the simple act of comparing names was pretty important. I even thank
clerks who do check my signature. But in the case of my credit card being
used at Best Buy -- notwithstanding my initial furor -- the store never
even got as far as looking at my John Hancock. And that's really how the
system is supposed to work, said Paul Stone, vice president of loss
prevention for the Minneapolis-based chain.

"The first line of defense is the line of defense with the credit
card
company," he said. "We really are the second line of defense."

Keeping the signature even less important is that retailers don't
get
penalized for not doing it. Typically the costs for fraudulently purchased
items are covered by the issuer of the credit card or the bank that
processes all of a merchant's electronic payments. There are few legal
or
contractual requirements to check signatures, and it's harder to make
such
a step mandatory these days, anyway, given the explosion of small
card-processing devices at cash registers that allow shoppers to swipe
a
credit card and never even hand it to the clerk.

Nevertheless, Stone insists, "the retailer is not scot-free" in
the
credit card fraud equation. Each fraudulent transaction is investigated
to
find out what happened, and sometimes the retailer does have to pay. But
more important, Stone said, is that the credit card companies have the
right to raise the fees they charge a retailer if fraud becomes a
problem.

For that reason, Best Buy does train all its employees to check
signatures, and it reinforces that training if credit card fraud becomes
a
problem at a particular store.

"It is all about the costs that would eventually add up if you weren't
trying to help out in this whole process," Stone said.

And speaking of costs adding up, you know who ultimately pays for
all
this fancy computer technology -- to say nothing of the fraud that still
gets through? We, the cardholders, through higher fees and rates. The
only
comfort in that is to know that the fees would be even higher if the
system relied just on cashiers to protect us from the thieves.